PowerArchiver Buffer Overflow in 'DZIPS32.DLL' in Processing ZIP Archives Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1016579 |
|
SecurityTracker URL: http://securitytracker.com/id/1016579
|
|
CVE Reference:
CVE-2006-3985
(Links to External Site)
|
Updated: Jun 13 2008
|
Original Entry Date: Jul 26 2006
|
Impact:
Execution of arbitrary code via network, User access via network
|
|
Version(s): 9.62.03 (English)
|
Description:
Tan Chew Keong reported a vulnerability in PowerArchiver. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted ZIP archive. When the target user adds a file to the archive, a buffer overflow in 'DZIPS32.DLL' will be triggered and arbitrary code executed on the target system. The code will run with the privileges of the target user.
The original report is available at:
http://vuln.sg/powarc962-en.html
|
Impact:
A remote user can create a file that, when processed by the target user, will execute arbitrary code on the target user's system.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.powerarchiver.com/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 25 Jul 2006 20:50:09 +0800
Subject: [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability
|
[vuln.sg] Vulnerability Research Advisory
PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2006-07-25
Summary
-------
A vulnerability has been found in PowerArchiver. When exploited, the
vulnerability allows execution of arbitrary code when the user adds a
file to a malicious ZIP archive.
Tested Version
--------------
PowerArchiver version 9.62.03 (English)
Details
-------
http://vuln.sg/powarc962-en.html
|
|
